[39749] in North American Network Operators' Group
Re: filtering whitehouse.gov?
daemon@ATHENA.MIT.EDU (John Starta)
Sat Jul 21 22:11:03 2001
Message-Id: <5.1.0.14.2.20010721185942.036f5ec0@popcorn>
Date: Sat, 21 Jul 2001 19:09:51 -0700
To: "jono@networkcommand.com" <jono@microshaft.org>
From: John Starta <john@starta.org>
Cc: Andreas Plesner Jacobsen - Tiscali <apjacobsen@dk.tiscali.com>,
nanog@nanog.org
In-Reply-To: <20010721162951.D86996@networkcommand.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Errors-To: owner-nanog-outgoing@merit.edu
At 04:29 PM 7/21/01 -0700, Jon O . wrote:
>On 22-Jul-2001, Andreas Plesner Jacobsen - Tiscali wrote:
>
> > No, since it is known that the provider hosting www1 and
> > www2.whitehouse.gov has already blackholed www1, and www.whitehouse.gov
> > only resolves to www2 now.
> > And then there's the big difference between operational stability and
> > poltical stability, of which operational is the primary concern to me at
> > least.
>
>Yes, because your fix is for this worm and luckily it only attacks www1.
>The next one might not be so benign and blackholing routes is not the
>answer. Also, it makes it harder to ID infected hosts so you can fix them.
Blackholing routes doesn't prevent you from identifying possibility
infected hosts. It simply means that you're not going to participate in the
abuse of anothers network and/or host. You can still log the traffic
destine for the target.
jas
